vanessa halter - nehta - national e-health transition authority - privacy & confidentiality in...

National E-Health Transition Authority www.nehta.gov.au1

Privacy & Confidentiality in Health:

Digital Records

eMedication Management Conference

15 March 2016

Vanessa Halter, CIPMSenior Privacy and eHealth Compliance Advisor

2 National E-Health Transition Authority www.nehta.gov.au

What does ‘privacy’ mean to you?

Like Love Haha Yay Wow Sad Angry

3 National E-Health Transition Authority www.nehta.gov.au

The potential for sharing health and information is a huge driver to implement eHealth.

However, increased availability does mean increased potential for privacy and

confidentiality breaches.

Previous attendees have raised …

4 National E-Health Transition Authority www.nehta.gov.au

5 National E-Health Transition Authority www.nehta.gov.au

6 National E-Health Transition Authority www.nehta.gov.au

Business case for privacy

Ethical and professional obligations:

Accreditation/registration

Integrity of the health system:

strong privacy will promote confidence in

healthcare services

Reputational damage:

for you and your patients

Legislative obligations: Australian Privacy

Principles

7 National E-Health Transition Authority www.nehta.gov.au

Privacy champion

Knows the business

Knows privacy

Builds privacy into design, policy and process

8 National E-Health Transition Authority www.nehta.gov.au

Collection

Use

StorageDisclosure

Destruction

Assess -> Address -> Monitor

9 National E-Health Transition Authority www.nehta.gov.au

Assess -> Address -> Monitor

• Who can access it?

• Is the information backed up/disaster recovery?

• Is it stored ‘securely’?

• Physical and technical controls

• What are the data breach/incident procedures?

10 National E-Health Transition Authority www.nehta.gov.au

Staff training

Staff can be your biggest asset but potentially your biggest privacy risk…

Training should be about empowering staff to confidently and competently uphold privacy

Training as part of

induction, and ongoing ‘refresher’

Content should be relevant to

the business

Keep a record as part of

employment files

11 National E-Health Transition Authority www.nehta.gov.auApollo 13, n.d. film photograph, viewed 7 March 2016<http://www.ncregister.com/images/uploads/apollo-13.jpg>

12 National E-Health Transition Authority www.nehta.gov.au

Privacy take homes

• Houston

• We

• Have

• A

• Problem

13 National E-Health Transition Authority www.nehta.gov.au

Privacy take homes

• H

• W

• H

• A

• P

andling privacy across entire patient journey

hy you should care: Business Case for privacy

ave a Privacy Champion

ssess > Address > Monitor your privacy risks

rivacy training

14 National E-Health Transition Authority www.nehta.gov.au

Contacthelp@nehta.gov.au

1300 901 001

Vanessa Halter, CIPMSenior Privacy and eHealth Compliance Advisorvanessa.halter@nehta.gov.au